Ubuntu

Ubuntu introduced a new service which enables live kernel patching on any Ubuntu 16.04 LTS system. This service allows system administrators to address critical security issues and vulnerabilities without rebooting the server.

Kernel live patching enables runtime correction of critical security issues in your kernel without rebooting. It’s the best way to ensure that machines are safe at the kernel level while guaranteeing uptime, especially for container hosts where a single machine may be running thousands of different workloads.

Procedures:

  1. Create an Ubuntu One account
  2. Generate your Livepatch Token
  3. Install and Enable Canonical Livepatch Service

Step 1 – Create an Ubuntu One account

To take advantage of this new service, you need to create a free Ubuntu One account at https://login.ubuntu.com/. After signing up, verify your account by clicking the link sent to your email address.

Step 2 – Generate your Livepatch Token

After verifying your Ubuntu One account, generate your livepatch token here:

https://auth.livepatch.canonical.com/

A single token can be used to enable the Canonical Livepatch Service on up to 3 servers. Once your token has been generated, you will see something like this:

[Screenshot: Livepatch token generated along with handy instructions on how to enable it on your server]

Once the token is generated, you can install and enable the live kernel patch service on your Ubuntu box.

Step 3 – Install and Enable Canonical Livepatch Service

Log in to your Ubuntu server and run these commands:

Replace <TOKEN> with the one you generated from Step 2.

Verify your kernel’s status using the command below:

Output:

Voila! Your server is now gonna patch itself once it learns that it has a hole which someone might use to make it bleed a trillion bits of 1’s and 0’s.
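The three steps above as one script, added here as an example (it is not the commands from the original post): it checks the release and the token before running `snap install canonical-livepatch`, `canonical-livepatch enable` and `canonical-livepatch status`. The `LIVEPATCH_TOKEN` variable, the function names and the `--run` switch are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not the original post's commands.
# LIVEPATCH_TOKEN and the function names are hypothetical names chosen here.

# Succeeds only if the given os-release file describes Ubuntu 16.04,
# the release the article says the service targets.
is_ubuntu_1604() {
    local file="${1:-/etc/os-release}" id="" ver=""
    [ -r "$file" ] || return 1
    id=$(sed -n 's/^ID=//p' "$file" | tr -d '"')
    ver=$(sed -n 's/^VERSION_ID=//p' "$file" | tr -d '"')
    [ "$id" = "ubuntu" ] && [ "$ver" = "16.04" ]
}

# Rejects an empty value, the article's literal <TOKEN> placeholder,
# and anything containing a space (a sign of a bad copy/paste).
token_looks_set() {
    case "$1" in
        ""|"<TOKEN>"|*" "*) return 1 ;;
        *) return 0 ;;
    esac
}

enable_livepatch() {
    local token="${LIVEPATCH_TOKEN:-}"
    is_ubuntu_1604 || { echo "not Ubuntu 16.04, stopping" >&2; return 1; }
    command -v snap >/dev/null || { echo "snap is not installed" >&2; return 1; }
    if [ -z "$token" ]; then
        # Prompt without echo so the token stays out of shell history.
        printf 'Livepatch token: ' >&2
        read -r -s token; echo >&2
    fi
    token_looks_set "$token" || { echo "no usable token given" >&2; return 1; }
    sudo snap install canonical-livepatch || return 1
    # The token is still visible in this command's argument list while it runs.
    sudo canonical-livepatch enable "$token" || return 1
    sudo canonical-livepatch status
}

# Only act when asked to, so the file can be sourced safely.
if [ "${1:-}" = "--run" ]; then
    enable_livepatch
fi
```

Run it with `--run` on each server you want to enrol; without that argument it only defines the functions.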
